Commit graph

2893 commits

Author SHA1 Message Date
4352da9250 Merge remote-tracking branch 'exploitdb/main' 2025-07-04 00:01:55 +00:00
Exploit-DB
83f6bce1ba DB: 2025-07-03
5 changes to exploits/shellcodes/ghdb

gogs 0.13.0 - Remote Code Execution (RCE)

Wing FTP Server 7.4.3 - Unauthenticated Remote Code Execution  (RCE)

Moodle 4.4.0 - Authenticated Remote Code Execution

Microsoft SharePoint 2019 - NTLM Authentication
2025-07-03 00:16:29 +00:00
490d844e10 Merge remote-tracking branch 'exploitdb/main' 2025-06-28 00:01:52 +00:00
Exploit-DB
97a1ee1350 DB: 2025-06-27
9 changes to exploits/shellcodes/ghdb

OneTrust SDK 6.33.0 - Denial Of Service (DoS)

McAfee Agent 5.7.6 - Insecure Storage of Sensitive Information

PX4 Military UAV Autopilot 1.12.3 - Denial of Service (DoS)

Pterodactyl Panel 1.11.11 - Remote Code Execution (RCE)

Sitecore 10.4 - Remote Code Execution (RCE)

Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution (RCE)

freeSSHd 1.0.9 - Denial of Service (DoS)

Microsoft Excel 2024 Use after free - Remote Code Execution (RCE)
2025-06-27 00:16:32 +00:00
f5cdac3189 Merge remote-tracking branch 'exploitdb/main' 2025-06-22 00:01:58 +00:00
Exploit-DB
36fc0aac85 DB: 2025-06-21
4 changes to exploits/shellcodes/ghdb

FortiOS SSL-VPN 7.4.4 - Insufficient Session Expiration & Cookie Reuse

Ingress-NGINX 4.11.0 - Remote Code Execution (RCE)

Microsoft Excel LTSC 2024 - Remote Code Execution (RCE)
2025-06-21 00:16:31 +00:00
99ad39a894 Merge remote-tracking branch 'exploitdb/main' 2025-06-17 00:02:02 +00:00
Exploit-DB
3cfac1e6a4 DB: 2025-06-16
15 changes to exploits/shellcodes/ghdb

AirKeyboard iOS App 1.0.5 - Remote Input Injection

Parrot and DJI variants Drone OSes - Kernel Panic Exploit

Skyvern 0.1.85 - Remote Code Execution (RCE) via SSTI

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

Litespeed Cache WordPress Plugin 6.3.0.1 - Privilege Escalation

PHP CGI Module 8.3.4 - Remote Code Execution (RCE)

Microsoft Excel Use After Free - Local Code Execution

PCMan FTP Server 2.0.7 - Buffer Overflow

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

WebDAV Windows 10 - Remote Code Execution (RCE)

Windows 11 SMB Client - Privilege Escalation & Remote Code Execution (RCE)
2025-06-16 00:18:32 +00:00
c3a7d70fa1 Merge remote-tracking branch 'exploitdb/main' 2025-06-15 00:02:13 +00:00
Exploit-DB
b83d852b2f DB: 2025-06-14
7 changes to exploits/shellcodes/ghdb

Freefloat FTP Server 1.0 - Remote Buffer Overflow

Roundcube 1.6.10 - Remote Code Execution (RCE)

Anchor CMS 0.12.7 - Stored Cross Site Scripting (XSS)

PCMan FTP Server 2.0.7 - Remote Buffer Overflow

Windows File Explorer Windows 10 Pro x64 - TAR Extraction
2025-06-14 00:16:30 +00:00
5c22554577 Merge remote-tracking branch 'exploitdb/main' 2025-06-11 00:01:54 +00:00
Exploit-DB
2edde6c159 DB: 2025-06-10
5 changes to exploits/shellcodes/ghdb

TightVNC 2.8.83 - Control Pipe Manipulation

Laravel Pulse 1.3.1 - Arbitrary Code Injection

Microsoft Windows 11 Version 24H2 Cross Device Service - Elevation of Privilege

ProSSHD 1.2 20090726 - Denial of Service (DoS)
2025-06-10 00:16:32 +00:00
bf635dcdf2 Merge remote-tracking branch 'exploitdb/main' 2025-06-06 00:55:43 +00:00
Exploit-DB
2825165fed DB: 2025-06-06
7 changes to exploits/shellcodes/ghdb

macOS LaunchDaemon iOS 17.2 - Privilege Escalation

ABB Cylon Aspect 3.08.04 DeploySource - Remote Code Execution (RCE)

Apache Tomcat 10.1.39 - Denial of Service (DoS)

Grandstream GSD3710 1.0.11.13 - Stack Overflow

CloudClassroom PHP Project 1.0 - SQL Injection

Microsoft Windows Server 2025 JScript Engine - Remote Code Execution (RCE)
2025-06-06 00:16:28 +00:00
Exploit-DB
c3b152279e DB: 2025-05-30
7 changes to exploits/shellcodes/ghdb

Automic Agent 24.3.0 HF4 - Privilege Escalation

Fortra GoAnywhere MFT 7.4.1 - Authentication Bypass

SolarWinds Serv-U 15.4.2 HF1 - Directory Traversal

Campcodes Online Hospital Management System 1.0 - SQL Injection

WordPress Digits Plugin 8.4.6.1 - Authentication Bypass via OTP Bruteforcing

Windows File Explorer Windows 11 (23H2) - NTLM Hash Disclosure
2025-05-30 00:16:26 +00:00
Exploit-DB
d69eaacef8 DB: 2025-05-26
8 changes to exploits/shellcodes/ghdb

Java-springboot-codebase 1.1 - Arbitrary File Read

ABB Cylon Aspect Studio 3.08.03 - Binary Planting

ABB Cylon Aspect 3.08.03 - Guest2Root Privilege Escalation

Grandstream GSD3710 1.0.11.13 - Stack Buffer Overflow

WordPress User Registration & Membership Plugin 4.1.2 - Authentication Bypass

Microsoft Windows Server 2016 - Win32k Elevation of Privilege

Windows 2024.15 - Unauthenticated Desktop Screenshot Capture
2025-05-26 00:16:29 +00:00
Exploit-DB
6d030b37a6 DB: 2025-05-22
6 changes to exploits/shellcodes/ghdb

Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Linux/x86 - Reverse TCP Shellcode (95 bytes)

Linux/x86-64 - execve(_/bin/sh_) Shellcode (36 bytes)

Windows 11 x64 - Reverse TCP Shellcode (564 bytes)
2025-05-22 00:16:30 +00:00
Exploit-DB
8bc45b368a DB: 2025-05-19
4 changes to exploits/shellcodes/ghdb

Zyxel USG FLEX H series uOS 1.31 - Privilege Escalation

CrushFTP 11.3.1 - Authentication Bypass

Invision Community 5.0.6 - Remote Code Execution (RCE)
2025-05-19 00:16:30 +00:00
Exploit-DB
e49e8d0522 DB: 2025-05-14
5 changes to exploits/shellcodes/ghdb

RDPGuard 9.9.9 - Privilege Escalation

TP-Link VN020 F3v(T) TT_V6.2.1021) - DHCP Stack Buffer Overflow

Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)

WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation
2025-05-14 00:16:22 +00:00
e5c82353b4 Merge remote-tracking branch 'exploitdb/main' 2025-05-12 00:04:05 +00:00
Exploit-DB
9044a602bb DB: 2025-05-10
6 changes to exploits/shellcodes/ghdb

Apache ActiveMQ 6.1.6 - Denial of Service (DOS)

SureTriggers OttoKit Plugin 1.0.82 - Privilege Escalation

WordPress Depicter Plugin 3.6.1 - SQL Injection

Microsoft Windows 11 Pro 23H2 - Ancillary Function Driver for WinSock Privilege Escalation

VirtualBox 7.0.16 - Privilege Escalation
2025-05-10 00:16:28 +00:00
64c800d1a7 Merge remote-tracking branch 'exploitdb/main' 2025-05-08 00:03:03 +00:00
Exploit-DB
3cc98cadb3 DB: 2025-05-07
4 changes to exploits/shellcodes/ghdb

Casdoor 1.901.0 - Cross-Site Request Forgery (CSRF)

Grokability Snipe-IT 8.0.4 - Insecure Direct Object Reference (IDOR)

ERPNext 14.82.1 - Account Takeover via Cross-Site Request Forgery (CSRF)
2025-05-07 00:16:29 +00:00
23961d7132 Merge remote-tracking branch 'exploitdb/main' 2025-05-03 00:02:49 +00:00
Exploit-DB
5544e2e039 DB: 2025-05-02
5 changes to exploits/shellcodes/ghdb

Daikin Security Gateway  14 - Remote Password Reset

ZTE ZXV10 H201L - RCE via authentication bypass

Microsoft - NTLM Hash Disclosure Spoofing (library-ms)

Microsoft Windows - XRM-MS File NTLM Information Disclosure Spoofing
2025-05-02 00:16:30 +00:00
00de2ea641 Merge remote-tracking branch 'exploitdb/main' 2025-05-02 00:03:05 +00:00
Exploit-DB
cc6d742d61 DB: 2025-05-01
2 changes to exploits/shellcodes/ghdb

unzip-stream 0.3.1 - Arbitrary File Write
2025-05-01 00:16:35 +00:00
9d239ad420 Merge remote-tracking branch 'exploitdb/main' 2025-04-30 00:02:59 +00:00
g0t mi1k
e947b3fe8d Merge branch 'xXxsomebodyoncetoldmexXx-main-patch-73439' into 'main'
Fixing "fatal: couldn't find remote ref master" error for new installer.

See merge request exploit-database/exploitdb!1
2025-04-29 09:07:39 +00:00
0f05972f2e Merge remote-tracking branch 'exploitdb/main' 2025-04-24 00:02:55 +00:00
Exploit-DB
6cef641858 DB: 2025-04-23
9 changes to exploits/shellcodes/ghdb

tar-fs 3.0.0 - Arbitrary File Write/Overwrite

OpenSSH server (sshd) 9.8p1 - Race Condition

Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution

code-projects Online Exam Mastering System 1.0 - Reflected Cross-Site Scripting (XSS)

WonderCMS 3.4.2 - Remote Code Execution (RCE)

WordPress Core 6.2 - Directory Traversal
Microsoft Windows 11 - Kernel Privilege Escalation
Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege
2025-04-23 00:16:28 +00:00
34638e2ae8 Merge remote-tracking branch 'exploitdb/main' 2025-04-21 00:02:44 +00:00
Exploit-DB
71bfc9b6c5 DB: 2025-04-20
3 changes to exploits/shellcodes/ghdb

FoxCMS 1.2.5 - Remote Code Execution  (RCE)

Drupal 11.x-dev - Full Path Disclosure
2025-04-20 00:16:27 +00:00
2d562cdb73 Merge remote-tracking branch 'exploitdb/main' 2025-04-20 00:02:46 +00:00
Exploit-DB
8ce497b2c8 DB: 2025-04-19
8 changes to exploits/shellcodes/ghdb

Langflow 1.3.0 -  Remote Code Execution (RCE)

Apache Commons Text  1.10.0 - Remote Code Execution

Hunk Companion Plugin 1.9.0 - Unauthenticated Plugin Installation

UJCMS 9.6.3 - User Enumeration via IDOR

Inventio Lite 4 - SQL Injection

KiviCare Clinic & Patient Management System (EHR) 3.6.4 - Unauthenticated SQL Injection

Tatsu 3.3.11 - Unauthenticated RCE
2025-04-19 00:16:29 +00:00
92a06134fe Merge remote-tracking branch 'exploitdb/main' 2025-04-19 00:02:25 +00:00
Exploit-DB
9ddf81331a DB: 2025-04-18
10 changes to exploits/shellcodes/ghdb

TP-Link VN020 F3v(T) TT_V6.2.1021 - Buffer Overflow Memory Corruption
TP-Link VN020 F3v(T) TT_V6.2.1021 - Denial Of Service (DOS)

Angular-Base64-Upload Library 0.1.21 - Unauthenticated Remote Code Execution (RCE)

Blood Bank & Donor Management System 2.4 - CSRF Improper Input Validation

compop.ca 3.5.3 - Arbitrary code Execution

Usermin 2.100 - Username Enumeration

ABB Cylon Aspect 3.08.02 (deployStart.php) - Unauthenticated Command Execution

ABB Cylon Aspect 3.08.02 (ethernetUpdate.php)  - Authenticated Path Traversal

AnyDesk 9.0.1 - Unquoted Service Path
2025-04-18 00:16:31 +00:00
682b78fb31 Merge remote-tracking branch 'exploitdb/main' 2025-04-18 00:01:14 +00:00
Exploit-DB
7ebfc36557 DB: 2025-04-17
24 changes to exploits/shellcodes/ghdb

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE)

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account

Dell EMC iDRAC7/iDRAC8 2.52.52.52 -  Remote Code Execution (RCE)

FLIR AX8 1.46.16  - Remote Command Injection

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF)

Ethercreative Logs 3.0.3 - Path Traversal

Garage Management System 1.0 (categoriesName) - Stored XSS

Nagios Log Server 2024R1.3.1 - Stored XSS

ProConf 6.0 -  Insecure Direct Object Reference (IDOR)

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS)

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection
ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php)  - File Write DoS
ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS
ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution

Car Rental Project 1.0 - Remote Code Execution

KodExplorer 4.52 - Open Redirect

NagVis 1.9.33 - Arbitrary File Read
phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS)
phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames

Smart Manager 8.27.0 - Post-Authenticated SQL Injection

Zabbix 7.0.0 - SQL Injection

Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE)

Fortinet FortiOS_ FortiProxy_ and FortiSwitchManager 7.2.0 - Authentication bypass

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page
2025-04-17 00:16:29 +00:00
4a70237d12 Merge remote-tracking branch 'exploitdb/main' 2025-04-17 00:01:19 +00:00
Exploit-DB
b905517ca9 DB: 2025-04-16
22 changes to exploits/shellcodes/ghdb

Spring Boot common-user-management 0.1 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 (userManagement.php) - Weak Password Policy
ABB Cylon Aspect 3.08.02 (bbmdUpdate.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 (licenseServerUpdate.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (licenseUpload.php) - Stored Cross-Site Scripting
ABB Cylon Aspect 3.08.02 (uploadDb.php) - Remote Code Execution
ABB Cylon Aspect 3.08.02 - Cookie User Password Disclosure

ABB Cylon Aspect 3.08.03 (CookieDB) - SQL Injection

Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.08.03 (MapServicesHandler) - Authenticated Reflected XSS
ABB Cylon Aspect 3.08.03 - Hard-coded Secrets

Adapt Authoring Tool 0.11.3 - Remote Command Execution (RCE)
IBMi Navigator 7.5 -  HTTP Security Token Bypass
IBMi Navigator 7.5 - Server Side Request Forgery (SSRF)

Plane 0.23.1 - Server side request forgery (SSRF)
ABB Cylon Aspect 3.08.02 (escDevicesUpdate.php) - Denial of Service (DOS)
ABB Cylon Aspect 3.08.02 (webServerUpdate.php) - Input Validation Config Poisoning

Cacti 1.2.26 -  Remote Code Execution (RCE) (Authenticated)

OpenCMS 17.0 - Stored Cross Site Scripting (XSS)

Really Simple Security 9.1.1.1 - Authentication Bypass

Pymatgen 2024.1 - Remote Code Execution (RCE)
2025-04-16 00:16:24 +00:00
3695da6995 Merge remote-tracking branch 'exploitdb/main' 2025-04-16 00:01:37 +00:00
Exploit-DB
0f3d104e83 DB: 2025-04-15
15 changes to exploits/shellcodes/ghdb

ZTE ZXHN H168N 3.1 - Remote Code Execution (RCE) via authentication bypass
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
GestioIP 3.5.7 - Cross-Site Scripting (XSS)
GestioIP 3.5.7 - Reflected Cross-Site Scripting (Reflected XSS)
GestioIP 3.5.7 - Remote Command Execution (RCE)
GestioIP 3.5.7 - Stored Cross-Site Scripting (Stored XSS)
OpenPanel 0.3.4 - Directory Traversal
OpenPanel 0.3.4 - Incorrect Access Control
OpenPanel 0.3.4 - OS Command Injection
OpenPanel Copy and View functions in the File Manager 0.3.4 - Directory Traversal

Pimcore 11.4.2 - Stored cross site scripting

Pimcore customer-data-framework 4.2.0 -  SQL injection

SilverStripe 5.3.8  - Stored Cross Site Scripting (XSS) (Authenticated)

Xinet Elegant 6 Asset Lib Web UI 6.1.655 - SQL Injection
2025-04-15 00:16:26 +00:00
f2ad90c38c Merge remote-tracking branch 'exploitdb/main' 2025-04-15 00:01:40 +00:00
Exploit-DB
60175c9963 DB: 2025-04-14
52 changes to exploits/shellcodes/ghdb

Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection
Microchip TimeProvider 4100 (Configuration modules) 2.4.6 - OS Command Injection
Microchip TimeProvider 4100 Grandmaster (Banner Config Modules) 2.4.6 - Stored Cross-Site Scripting (XSS)
Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)

DataEase 2.4.0 - Database Configuration Information Exposure

Cosy+ firmware 21.2s7 - Command Injection

Angular-Base64-Upload Library 0.1.20 - Remote Code Execution (RCE)

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)
ABB Cylon Aspect 3.07.02 - File Disclosure (Authenticated)
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)
ABB Cylon Aspect 3.07.02 - File Disclosure
ABB Cylon Aspect 3.08.01 - Remote Code Execution (RCE)

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover

CyberPanel 2.3.6 - Remote Code Execution (RCE)

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Intelight X-1L Traffic controller Maxtime 1.9.6 - Remote Code Execution (RCE)

KubeSphere 3.4.0 - Insecure Direct Object Reference (IDOR)

MagnusSolution magnusbilling 7.3.0 - Command Injection

Palo Alto Networks Expedition 1.2.90.1 - Admin Account Takeover

Progress Telerik Report Server 2024 Q1 (10.0.24.305) - Authentication Bypass

Sonatype Nexus Repository 3.53.0-01 - Path Traversal

Watcharr 1.43.0 - Remote Code Execution (RCE)

Webmin Usermin 2.100 - Username Enumeration
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete
ABB Cylon Aspect 3.07.01 - Hard-coded Default Credentials
ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Artica Proxy 4.50 - Remote Code Execution (RCE)

Centron 19.04 - Remote Code Execution (RCE)

ChurchCRM 5.9.1 - SQL Injection

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)

CodeCanyon RISE CRM 3.7.0 - SQL Injection

Elaine's Realtime CRM Automation 6.18.17 - Reflected XSS

Feng Office 3.11.1.2 - SQL Injection
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload
flatCore 1.5 - Cross Site Request Forgery (CSRF)
flatCore 1.5.5 - Arbitrary File Upload

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Gnuboard5 5.3.2.8 - SQL Injection

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

Litespeed Cache 6.5.0.1 - Authentication Bypass

MiniCMS 1.1 - Cross Site Scripting (XSS)

MoziloCMS 3.0 - Remote Code Execution (RCE)

NEWS-BUZZ News Management System 1.0 - SQL Injection

PandoraFMS 7.0NG.772 - SQL Injection

phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)

PZ Frontend Manager WordPress Plugin 1.0.5 - Cross Site Request Forgery (CSRF)

ResidenceCMS 2.10.1 - Stored Cross-Site Scripting (XSS)

RosarioSIS 7.6 - SQL Injection

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

X2CRM 8.5 - Stored Cross-Site Scripting (XSS)

Rejetto HTTP File Server 2.3m - Remote Code Execution (RCE)

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure
2025-04-14 00:16:26 +00:00
e763a7dc0b Merge remote-tracking branch 'exploitdb/main' 2025-04-13 00:01:53 +00:00
Exploit-DB
b165516b1b DB: 2025-04-12
26 changes to exploits/shellcodes/ghdb

ABB Cylon Aspect 3.08.02 - PHP Session Fixation
ABB Cylon FLXeon 9.3.4 - Cross-Site Request Forgery
ABB Cylon FLXeon 9.3.4 - Default Credentials
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (Authenticated)
ABB Cylon FLXeon 9.3.4 - Remote Code Execution (RCE)
ABB Cylon FLXeon 9.3.4 - System Logs Information Disclosure
ABB Cylon FLXeon 9.3.4 - WebSocket Command Spawning

Netman 204 - Remote command without authentication

qBittorrent 5.0.1 - MITM RCE

CMU CERT/CC VINCE 2.0.6 - Stored XSS

CyberPanel 2.3.6 - Remote Code Execution (RCE)
GeoVision GV-ASManager 6.1.0.0 - Broken Access Control
GeoVision GV-ASManager 6.1.1.0 - CSRF

MagnusSolution magnusbilling 7.3.0 - Command Injection

Nagios Log Server 2024R1.3.1 - API Key Exposure

WebFileSys 2.31.0 - Directory Path Traversal

flatCore 1.5 - Cross Site Request Forgery (CSRF)

GetSimpleCMS 3.3.16 - Remote Code Execution (RCE)

Gnuboard5 5.3.2.8 - SQL Injection

LearnPress WordPress LMS Plugin 4.2.7 - SQL Injection

MiniCMS 1.1 - Cross Site Scripting (XSS)

NEWS-BUZZ News Management System 1.0 - SQL Injection

phpIPAM 1.6 - Reflected Cross Site Scripting (XSS)

RosarioSIS 7.6 - SQL Injection

Roundcube Webmail 1.6.6 - Stored Cross Site Scripting (XSS)
2025-04-12 00:16:31 +00:00
70472131cc Merge remote-tracking branch 'exploitdb/main' 2025-04-12 00:01:16 +00:00
Exploit-DB
9d3e200bec DB: 2025-04-11
12 changes to exploits/shellcodes/ghdb

Cosy+ firmware 21.2s7 - Command Injection

K7 Ultimate Security K7RKScan.sys 17.0.2019 - Denial Of Service (DoS)

Cisco Smart Software Manager On-Prem 8-202206 - Account Takeover

AquilaCMS 1.409.20 - Remote Command Execution (RCE)

Centron 19.04 - Remote Code Execution (RCE)

CodeAstro Online Railway Reservation System 1.0 - Cross Site Scripting (XSS)

Feng Office 3.11.1.2 - SQL Injection

flatCore 1.5.5 - Arbitrary File Upload

PandoraFMS 7.0NG.772 - SQL Injection
Typecho 1.3.0 - Race Condition
Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)
2025-04-11 00:17:01 +00:00
1dbb33ef37 Merge remote-tracking branch 'exploitdb/main' 2025-04-11 00:01:15 +00:00